Login

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

The remote Cisco Adaptive Security Appliance (ASA) is missing a vendor-supplied security patch. It is, therefore, affected by a remote code execution vulnerability due to an overflow condition in the Internet Key Exchange (IKE) implementation. An unauthenticated, remote attacker can exploit this, via a specially crafted UDP packet, to cause a denial of service or the execution of arbitrary code. Note that only systems configured in routed firewall mode and single / multiple context mode are affected.

Solution

Upgrade to the relevant fixed version referenced in Cisco Security Advisory cisco-sa-20160210-asa-ike.